How To Guide

How to Respond to a Suspected Virus Infection

If you suspect your computer has a virus, acting quickly and methodically can prevent data loss and further damage. This guide walks you through containment, identification, and removal.

Overview

Signs of infection include slow performance, unexpected pop-ups, programs opening on their own, high network activity, or disabled security software. If you notice any of these, follow these steps immediately.

Step 1: Immediate Containment

Stop the infection from spreading or communicating with attackers.

Disconnect from the Internet

Turn off Wi-Fi via the taskbar network icon
Unplug ethernet cable if using wired connection
Disable Bluetooth to prevent lateral spread
Do NOT turn off the computer yet — you may need running processes for diagnosis

Disconnect External Devices

Remove USB drives and external hard drives
Disconnect network-attached storage
Remove SD cards and other removable media
These prevent the infection from spreading to backups

Warning:

Do not plug infected USB drives into other computers. They may carry the infection.

Note Symptoms

Write down what triggered your suspicion
Screenshot any error messages or pop-ups
Note which programs are behaving abnormally
Check Task Manager (Ctrl+Shift+Esc) for suspicious processes
Record the time you first noticed issues

Step 2: Scan and Identify

Use your antivirus to find and identify the threat.

Boot into Safe Mode

Press Windows key → Power → Hold Shift and click Restart
Choose Troubleshoot → Advanced Options → Startup Settings → Restart
Press 5 or F5 for 'Safe Mode with Networking'
Safe Mode runs only essential services, limiting malware activity

Run Full Antivirus Scan

Open Windows Security → Virus & threat protection
Click 'Scan options' → 'Full scan' → 'Scan now'
Full scan checks every file — may take 1-3 hours
Do not interrupt the scan
Review results and note threat names

Run Secondary Scanner

Download Malwarebytes Free (malwarebytes.com) if not installed
Run a full Malwarebytes scan after antivirus scan completes
Different scanners catch different threats
Compare results between both tools

Pro Tip:

Using two different scanning tools significantly increases detection rates. No single tool catches everything.

Check Browser Extensions

Open browser Settings → Extensions
Remove any extensions you don't recognise
Reset browser settings if homepage or search engine changed
Clear browser cache and cookies

Step 3: Remove and Recover

Clean up the infection and restore your system.

Quarantine or Delete Threats

Follow antivirus recommendations for each threat
Quarantine first if unsure — you can delete later
Delete confirmed malware files
Empty quarantine after confirming system is clean

Change All Passwords

Change passwords for email, banking, and social media IMMEDIATELY
Use a clean device if possible (phone or another computer)
Enable two-factor authentication on all accounts
Check bank statements for unauthorised transactions
Monitor credit reports for unusual activity

Update Everything

Install all Windows updates
Update antivirus definitions
Update all installed software
Update browser to latest version
Vulnerabilities in outdated software are common entry points

Restore from Backup (If Needed)

If system is still unstable, restore from a pre-infection backup
Only restore data files — not programs (they may be infected)
Scan restored files before opening them
If no backup exists, consider professional data recovery

Step 4: Prevent Future Infections

Reduce the risk of getting infected again.

Strengthen Your Defences

Keep real-time antivirus protection enabled
Enable Windows Firewall
Use an ad blocker in your browser
Don't download software from unofficial sources
Be cautious with email attachments — even from known contacts

Set Up Regular Backups

Enable Windows File History or use backup software
Back up to an external drive AND cloud storage
Test restoring from backup periodically
Keep at least one backup disconnected (offline)